cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34210,https://securityvulnerability.io/vulnerability/CVE-2022-34210,Missing Permission Check in Jenkins ThreadFix Plugin from Jenkins,"The Jenkins ThreadFix Plugin has a critical security oversight due to a missing permission check. This flaw allows users with Overall/Read permission to connect to URLs specified by an attacker. Compromise through this vulnerability could lead to unauthorized data exposure or other malicious activities, emphasizing the necessity for immediate updates to secure the environment.",Jenkins,Jenkins Threadfix Plugin,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0
CVE-2022-34209,https://securityvulnerability.io/vulnerability/CVE-2022-34209,Cross-Site Request Forgery in Jenkins ThreadFix Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins ThreadFix Plugin, allowing attackers to execute unauthorized commands by sending requests that exploit the trust between the user and the application. This can lead to connections to an attacker-specified URL, posing a significant risk to the integrity and security of Jenkins installations running ThreadFix Plugin versions 1.5.4 and earlier.",Jenkins,Jenkins Threadfix Plugin,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0